
Having troubles configuring an 1841 Router.

I'm trying to wrap my head around configuring an 1841 router. I've cobbled this configuration together from various sources but I'm missing something, and I'm not able to see it. Can someone please point out the incorrect areas in the config?

I have the following issues:

- The internal network doesn't reach the internet.

- The VPN connects fine but nothing is pingable from the client.

Thanks

Jimi

!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname cte-router
!
boot-start-marker
boot-end-marker
!
memory-size iomem 5
enable secret 5 $1$K.C2$wJc8lfV3r9dpYj4jpfw.m1
enable password xxxxxxxxxxx
!
username xxxxxx privilege 15 secret 5 $1$QfHe$02IRc2GShVwUorwXxfsKx1
username xxx privilege 15 secret 5 $1$7IvD$weP2PhOrUyPYKZHSPEKju0
aaa new-model
!
!
aaa authentication login cteuser local
aaa authorization network ctegroup local
aaa session-id common
ip subnet-zero
no ip routing
ip dhcp excluded-address 192.168.1.1 192.168.1.99
ip dhcp excluded-address 192.168.1.150 192.168.1.254
!
ip dhcp pool cte-pool
   import all
   network 192.168.1.0 255.255.255.0
   dns-server 192.168.1.5 192.168.1.10
   default-router 192.168.1.254
   netbios-name-server 192.168.1.5 192.168.1.10
   lease 6
!
!
ip audit po max-events 100
no ftp-server write-enable
!
!
!
!
!
crypto isakmp policy 3
hash md5
authentication pre-share
group 2
!
crypto isakmp client configuration group CTE
key vpnaccess234
dns 192.168.1.10 192.168.1.5
wins 192.168.1.10
pool VPN_Pool
include-local-lan
max-users 10
!
!
crypto ipsec transform-set vpnset esp-des esp-md5-hmac
!
crypto dynamic-map dynmap 10
set transform-set vpnset
reverse-route
!
!
crypto map clientmap client authentication list cteuser
crypto map clientmap isakmp authorization list ctegroup
crypto map clientmap client configuration address initiate
crypto map clientmap client configuration address respond
crypto map clientmap 10 ipsec-isakmp dynamic dynmap
!
!
!
!
interface Loopback0
ip address 192.168.3.1 255.255.255.0
ip nat inside
!
interface FastEthernet0
description $FW_OUTSIDE$$ETH-WAN$
mac-address 0019.e4ae.9248
ip address dhcp client-id FastEthernet0 hostname cte-rt1
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
ip policy route-map VPN-Client
crypto map clientmap
!
interface FastEthernet1
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
shutdown
duplex auto
speed auto
!
interface Virtual-Template1 type tunnel
ip unnumbered Vlan1 
tunnel mode ipsec ipv4
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-FE2$$FW_INSIDE$
ip address 192.168.1.254 255.255.255.0
ip access-group 101 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
!
ip local pool VPN_Pool 192.168.2.100 192.168.2.110
ip classless
ip route 192.168.0.0 255.255.255.0 FastEthernet0
ip http server
no ip http secure-server
ip nat inside source list 101 interface FastEthernet0 overload
ip nat inside source static tcp 192.168.1.10 143 interface FastEthernet0 143
ip nat inside source static tcp 192.168.1.10 80 interface FastEthernet0 80
ip nat inside source static tcp 192.168.1.5 3390 interface FastEthernet0 3390
ip nat inside source static tcp 192.168.1.10 3389 interface FastEthernet0 3389
!
!
access-list 101 deny   ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
access-list 101 permit ip 192.168.2.0 0.0.0.255 any
access-list 144 permit ip 192.168.2.0 0.0.0.255 any
route-map VPN-Client permit 10
match ip address 144
set ip next-hop 192.168.3.2
!
!
control-plane
!
!
line con 0
no modem enable
transport preferred all
transport output all
line aux 0
line vty 0 4
password xxxxxxxxx
transport preferred all
transport input all
transport output all
!
scheduler max-task-time 5000
!
end

2 REPLIES

Re: Having troubles configuring an 1841 Router.

Hi

1] The VPN connects fine but nothing is pingable from the client.

You don't have any layer three interface on this router.

Here you should use the IP of the pool that you define, i.e. 192.168.2.1

interface Loopback1
ip address 192.168.2.1 255.255.255.0

2] The internal network doesn't reach the internet.

Use default route 0.0.0.0 0.0.0.0 Fa0

Regards

Chetan kumar

Re: Having troubles configuring an 1841 Router.

Hi

Configure a default route as mentioned by Chetan and try applying the below config.

no ip nat inside source list 101 interface FastEthernet0 overload
no route-map VPN-Client permit 10
no access-list 144
no access-list 101
!
ip nat inside source route-map nonat interface FastEthernet0 overload
!
access-list 101 deny   ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
!
route-map nonat permit 10
match ip address 101

regds
